<?php
// based on wp-admin/edit-form-ajax-cat.php

require_once('../../../wp-config.php');
require_once('../../../wp-admin/admin-functions.php');
require_once('../../../wp-admin/admin-db.php');
require_once('EventManager.php');

get_currentuserinfo();

// Check that user is the event manager!!!!
$event_id = htmlentities($_REQUEST['event_id']);
$manager_id = $wpdb->get_var("select manager_id from $em_event_table where id = $event_id");
if (em_can_admin_events() || $manager_id != $current_user->id) {

	function get_out_now() { exit; }
	add_action('shutdown', 'get_out_now', -1);

	//Implemented this and posting from AJAX to prevent IE from caching responses
	header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
	header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past

	switch ($_REQUEST['action']) {
		case "order_questions":
			$event_id = $_REQUEST['event_id'];
			$sequence = explode(",", $_REQUEST['sequence']);

			for ($i = 0; $i < count($sequence); $i++) {
				$wpdb->query("UPDATE $em_question_table set sequence = '$i' where id = '$sequence[$i]';");
			}
			//echo "updated sequence: " . $_REQUEST['sequence'];

			break;
		default:
			header("HTTP/1.0 404 Not Found");
	}
}